Merge branch 'mptcp-fixes'

			 info->limit > dfrag->data_len))

		return 0;

	if (unlikely(!__tcp_can_send(ssk)))

		return -EAGAIN;

	/* compute send limit */

	info->mss_now = tcp_send_mss(ssk, &info->size_goal, info->flags);

	copy = info->size_goal;

	if (__mptcp_check_fallback(msk)) {

		if (!msk->first)

			return NULL;

		return sk_stream_memory_free(msk->first) ? msk->first : NULL;

		return __tcp_can_send(msk->first) &&

		       sk_stream_memory_free(msk->first) ? msk->first : NULL;

	}

	/* re-use last subflow, if the burst allow that */

			ret = mptcp_sendmsg_frag(sk, ssk, dfrag, &info);

			if (ret <= 0) {

				if (ret == -EAGAIN)

					continue;

				mptcp_push_release(ssk, &info);

				goto out;

			}

static void __mptcp_destroy_sock(struct sock *sk)

{

	struct mptcp_subflow_context *subflow, *tmp;

	struct mptcp_sock *msk = mptcp_sk(sk);

	LIST_HEAD(conn_list);

	pr_debug("msk=%p", msk);

	might_sleep();

	/* join list will be eventually flushed (with rst) at sock lock release time*/

	list_splice_init(&msk->conn_list, &conn_list);

	mptcp_stop_timer(sk);

	sk_stop_timer(sk, &sk->sk_timer);

	msk->pm.status = 0;

	/* clears msk->subflow, allowing the following loop to close

	 * even the initial subflow

	 */

	mptcp_dispose_initial_subflow(msk);

	list_for_each_entry_safe(subflow, tmp, &conn_list, node) {

		struct sock *ssk = mptcp_subflow_tcp_sock(subflow);

		__mptcp_close_ssk(sk, ssk, subflow, 0);

	}

	sk->sk_prot->destroy(sk);

	WARN_ON_ONCE(msk->rmem_fwd_alloc);

static int mptcp_disconnect(struct sock *sk, int flags)

{

	struct mptcp_subflow_context *subflow, *tmp;

	struct mptcp_sock *msk = mptcp_sk(sk);

	inet_sk_state_store(sk, TCP_CLOSE);

	list_for_each_entry_safe(subflow, tmp, &msk->conn_list, node) {

		struct sock *ssk = mptcp_subflow_tcp_sock(subflow);

		__mptcp_close_ssk(sk, ssk, subflow, MPTCP_CF_FASTCLOSE);

	}

	mptcp_stop_timer(sk);

	sk_stop_timer(sk, &sk->sk_timer);

	if (mptcp_sk(sk)->token)

		mptcp_event(MPTCP_EVENT_CLOSED, mptcp_sk(sk), NULL, GFP_KERNEL);

	mptcp_destroy_common(msk);

	/* msk->subflow is still intact, the following will not free the first

	 * subflow

	 */

	mptcp_destroy_common(msk, MPTCP_CF_FASTCLOSE);

	msk->last_snd = NULL;

	WRITE_ONCE(msk->flags, 0);

	msk->cb_flags = 0;

	return newsk;

}

void mptcp_destroy_common(struct mptcp_sock *msk)

void mptcp_destroy_common(struct mptcp_sock *msk, unsigned int flags)

{

	struct mptcp_subflow_context *subflow, *tmp;

	struct sock *sk = (struct sock *)msk;

	__mptcp_clear_xmit(sk);

	/* join list will be eventually flushed (with rst) at sock lock release time */

	list_for_each_entry_safe(subflow, tmp, &msk->conn_list, node)

		__mptcp_close_ssk(sk, mptcp_subflow_tcp_sock(subflow), subflow, flags);

	/* move to sk_receive_queue, sk_stream_kill_queues will purge it */

	mptcp_data_lock(sk);

	skb_queue_splice_tail_init(&msk->receive_queue, &sk->sk_receive_queue);

{

	struct mptcp_sock *msk = mptcp_sk(sk);

	mptcp_destroy_common(msk);

	/* clears msk->subflow, allowing the following to close

	 * even the initial subflow

	 */

	mptcp_dispose_initial_subflow(msk);

	mptcp_destroy_common(msk, 0);

	sk_sockets_allocated_dec(sk);

}

			 struct sockaddr_storage *addr,

			 unsigned short family);

static inline bool __mptcp_subflow_active(struct mptcp_subflow_context *subflow)

static inline bool __tcp_can_send(const struct sock *ssk)

{

	struct sock *ssk = mptcp_subflow_tcp_sock(subflow);

	/* only send if our side has not closed yet */

	return ((1 << inet_sk_state_load(ssk)) & (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT));

}

static inline bool __mptcp_subflow_active(struct mptcp_subflow_context *subflow)

{

	/* can't send if JOIN hasn't completed yet (i.e. is usable for mptcp) */

	if (subflow->request_join && !subflow->fully_established)

		return false;

	/* only send if our side has not closed yet */

	return ((1 << ssk->sk_state) & (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT));

	return __tcp_can_send(mptcp_subflow_tcp_sock(subflow));

}

void mptcp_subflow_set_active(struct mptcp_subflow_context *subflow);

	}

}

void mptcp_destroy_common(struct mptcp_sock *msk);

void mptcp_destroy_common(struct mptcp_sock *msk, unsigned int flags);

#define MPTCP_TOKEN_MAX_RETRIES	4

		sock_orphan(sk);

	}

	mptcp_destroy_common(mptcp_sk(sk));

	/* We don't need to clear msk->subflow, as it's still NULL at this point */

	mptcp_destroy_common(mptcp_sk(sk), 0);

	inet_sock_destruct(sk);

}

		fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);

}

static void shut_wr(int fd)

{

	/* Close our write side, ev. give some time

	 * for address notification and/or checking

	 * the current status

	 */

	if (cfg_wait)

		usleep(cfg_wait);

	shutdown(fd, SHUT_WR);

}

static int copyfd_io_poll(int infd, int peerfd, int outfd, bool *in_closed_after_out)

{

	struct pollfd fds = {

					/* ... and peer also closed already */

					break;

				/* ... but we still receive.

				 * Close our write side, ev. give some time

				 * for address notification and/or checking

				 * the current status

				 */

				if (cfg_wait)

					usleep(cfg_wait);

				shutdown(peerfd, SHUT_WR);

				shut_wr(peerfd);

			} else {

				if (errno == EINTR)

					continue;

		if (err)

			return err;

		shutdown(peerfd, SHUT_WR);

		shut_wr(peerfd);

		err = do_recvfile(peerfd, outfd);

		*in_closed_after_out = true;

		err = do_sendfile(infd, peerfd, size);

		if (err)

			return err;

		shut_wr(peerfd);

		err = do_recvfile(peerfd, outfd);

		*in_closed_after_out = true;

	}